1300+ entries in 0.503s
mircea_popescu: "Unfortunately unlike Bitcoin there is no reputation Trezor." << a) trezor's kinda dysfunctional/derpy ; b) of course there is. airgapped
gpg.
☟︎ mircea_popescu: i don't understand how beautyon wants this
gpg forum thing to work
☟︎ ascii_lander read mircea_popescu pgp rfc in half-awake state and almost released brain from nose until realized that it is for -keyserver- and not a pgptron (e.g.
gpg) per se
mircea_popescu: mats
gpg is eventually going to get rewritten anyway, so building some expertise is a good use of time.
mircea_popescu: certserver.pgp.com seems dead (
gpg: keyserver send failed: keyserver error)
mircea_popescu: and then $
gpg --keyserver sks-keyservers.net --send-key <KEYID> and $
gpg --keyserver pgp.mit.edu --send-key <KEYID> where keyid you just copy from the line above.
☟︎ mircea_popescu: for the record, key signing works as follows : $
gpg --edit-key --fingerprint <NAME>
ascii_field: (e.g., can i tell
gpg 'this key is now expired but existing signatures remain valid until heat death of universe' ? afaik no)
ascii_field: funkenstein_: so one could use a bitcoin key for
gpg privkey << i am still at a loss as to why one might wish to do this..
ascii_field: we spoke, for instance, of fuzzing
gpg format.
mircea_popescu: <BingoBoingo> <asciilifeform> does s ever -mention- pgp? << Snowden mentions
GPG all of the time, Greenwald mentions tor all of the time << exactly apt description.
ascii_field wishes to ask mircea_popescu for a favourite tarball of
gpg, signed
mircea_popescu: "this thing breaks iof there's a bug found in
gpg. or if we didn't implement signature checking correctly. or or or or"
mircea_popescu: iirc you were asking for a complex update
gpg signature thing. not for a simple "move x text file from /sda to /sdb"
mircea_popescu: asciilifeform and now you gotta add
gpg and debug it and srsly...
mircea_popescu: this way being hard to pinpoint yet, but mostly a wot based, loose and half anon,
gpg empowered, bitcoin measured thing.
mircea_popescu: if wallet is encrypted in useralnd, then it's read by
gpg mircea_popescu: ben_vulpes don't forget to encrypt your privkey ring with
gpg too
mircea_popescu: as in, random derp w/o
gpg installed wants to send mp stuff encrypted to mp's key, there's page on mp's site with javascript
mircea_popescu: asciilifeform if i remember correctly, usg is on record saying they lack the ability to input a printed
gpg privkey.
mircea_popescu: nubbins` : name/surname ; nick ;
gpg/
gpg on one face, dunno exactly what should be for qntra on the other.
mircea_popescu: same design, name/surname, nick,
gpg key on one side, qntra this that on the other ?
mircea_popescu: yeah, brendafdez why not do it directly for qntra ? you got a
gpg id now and errything
mircea_popescu: but it's inescapable. everything's getting forked.
gpg, linux, the world.
mircea_popescu: as a side note : secure comunication via
gpg works as follows :
mircea_popescu: Looking forward, however, I think of
GPG as a very dangerous technology that really has to go away if we're serious about making it impossible for journalists, their sources, activists and other enemies of the state to survive in a NSA/TSA/ETC-only world."
mircea_popescu: Today, journalists use
GPG to communicate with sources securely, activists use it to coordinate world wide, and software companies use it to help secure their infrastructure. Some really heroic people have put in an enormous amount of effort to get us here, at substantial personal cost, and with little support.
mircea_popescu: "Worse, it turns out that nobody else found all this stuff to be fascinating. Even though
GPG has been around for almost 20 years, there are only ~50,000 keys in the “strong set,” and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today’s standards, that’s a shockingly small user base for a month of activity, much less 20 years."
mircea_popescu: "There just seems to be something particular about people who try
GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers. Increasingly, it’s a club that I don’t want to belong to anymore." << well... granted, eh.
mircea_popescu: actually, i recall mentioning here that "wtf, this guy publicly takes pride in having lost his
gpg key ?" a while back
mircea_popescu: mike_c: hm. is it kosher for two nicks in the wot to have the same
gpg key? << notrly. is this observable ?
mircea_popescu: in a world made out of equal idiots who don't have
gpg sigs, THAT is the only possible human activity.
mircea_popescu: and you're right in pointing out that ida is probably a thing to rewrite, alongside
gpg, etc
mircea_popescu: they'll sell for way more than the
gpg "dev" got to sell out the thing she doesn't represent.
mircea_popescu: exactly that. a pointed disdain of any rule and regulation not
gpg signed as so much crud.
mircea_popescu: kakobrekla: >Stripe and Facebook are going to sponsor @gnupg development with $50k/year each. << the only important point in the ruckus being, now we know
gpg 1.x is perfectly fine and 2.x not entirely broken, and that there's absolutely no need to expect usable 3.x
mircea_popescu: phillipsjk: [...] < I wish the banks around here knew what
GPG/PGP was. << it's because i don't use actual banks, but the well developed argentine underground system.
mircea_popescu: well, you may not believe this or like this, but... my banking depends on my
gpg signature o.O
mircea_popescu: !register <full_gpg_keyid> << are youdoing the full thing ?
mircea_popescu: jurov but this flaw of the
gpg protocol can't really be fixed at the assbot elvel.
mircea_popescu: does he have like a
gpg signed thing from ben_vulpes or something ?
mircea_popescu: basically, one less explored point of usgavin's interest with the fork is to cripple the politically revolutionary side of bitcoin. obviously if bitcoin can't be bitcoin then the replacement of plain contracts with
gpg-contracts will at least be hindered.
mircea_popescu: but seriously : so the people too dumb to participate in the actual bitcoin discussion, here, eitehr because they can't get an irc client going or because they can't
gpg or whatever, because their windows doesn't come with a "b-a button", sit somewhere and derp.
mircea_popescu:
gpg: no valid OpenPGP data found. ius the very helpful error i get.
mircea_popescu: how's this a problem anyway ? pre-bitcoin, pre-
gpg, etc, i can see it. today ? who gives a shit ?
mircea_popescu: nubbins` maybe help the idiot kids make a proper
gpg contract? that shit's a sore eye by now
mircea_popescu: it does make sense. because the trust does not derive from a robotic application of a
gpg seal.
mircea_popescu: undata: because terrorists can't find an old copy of
gpg? << gun laws aren't predicated on the theory that criminals can't find a gun.
mircea_popescu: feel free to fork and fix the
gpg key verification process so it reports fingerpritns properly not wtf it's doing now.
mircea_popescu:
gpg: Signature made Sat 21 Aug 1999 07:04:31 PM ART using DSA key ID 8ACE3E79
mircea_popescu: IF
gpg doesn't put out full fingerprints for verified keys, then
gpg is broken